Lack of Two Factor Authentication (TFA) during password reset in IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal
CVE-2018-1638 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce Two Factor Authentication (TFA) while resetting a user password but enforces it for all other login scenarios. IBM X-Force ID: 144483.
Learn more about our Cis Benchmark Audit For Apple Ios.